feat: various minor improvements / patches for IATP

eclipse-edc · Nov 26, 2023 · d1e6f37 · d1e6f37
1 parent a3ef0f1
commit d1e6f37
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 6 deletions.
diff --git a/core/common/util/src/main/java/org/eclipse/edc/util/uri/UriUtils.java b/core/common/util/src/main/java/org/eclipse/edc/util/uri/UriUtils.java
@@ -0,0 +1,32 @@
+/*
+ *  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.util.uri;
+
+import java.net.URI;
+
+public class UriUtils {
+    public static boolean equalsIgnoreFragment(URI u1, URI u2) {
+        var str1 = stripFragment(u1.toString());
+        var str2 = stripFragment(u2.toString());
+
+        return str1.equals(str2);
+    }
+
+    public static String stripFragment(String string) {
+        var ix = string.indexOf("#");
+        return ix >= 0 ? string.substring(0, ix) : string;
+    }
+
+}
diff --git a/...als/src/main/java/org/eclipse/edc/verifiablecredentials/linkeddata/DidMethodResolver.java b/...als/src/main/java/org/eclipse/edc/verifiablecredentials/linkeddata/DidMethodResolver.java
@@ -45,8 +45,8 @@ public VerificationMethod resolve(URI id, DocumentLoader loader, SignatureSuite
         return didDocument.getVerificationMethod().stream()
                 .map(verificationMethod -> DataIntegrityKeyPair.createVerificationKey(
                         URI.create(verificationMethod.getId()),
-                        URI.create(verificationMethod.getController()),
                         URI.create(verificationMethod.getType()),
+                        URI.create(verificationMethod.getController()),
                         verificationMethod.serializePublicKey())
                 )
                 .findFirst()

diff --git a/...edentials/src/main/java/org/eclipse/edc/verifiablecredentials/linkeddata/LdpVerifier.java b/...edentials/src/main/java/org/eclipse/edc/verifiablecredentials/linkeddata/LdpVerifier.java
@@ -47,6 +47,7 @@
 import org.eclipse.edc.jsonld.spi.JsonLd;
 import org.eclipse.edc.jsonld.spi.JsonLdKeywords;
 import org.eclipse.edc.spi.result.Result;
+import org.eclipse.edc.util.uri.UriUtils;
 
 import java.io.IOException;
 import java.net.URI;
@@ -132,7 +133,7 @@ private Result<Void> validateCredentialIssuer(JsonObject expanded, VerificationM
             if (issuerUri.isEmpty()) {
                 return failure("Document must contain an 'issuer' property.");
             }
-            if (!issuerUri.get().equals(verificationMethod.id())) {
+            if (!UriUtils.equalsIgnoreFragment(issuerUri.get(), verificationMethod.id())) {
                 return failure("Issuer and proof.verificationMethod mismatch: %s <> %s".formatted(issuerUri.get(), verificationMethod.id()));
             }
         } catch (InvalidJsonLdValue e) {

diff --git a/...rust-service/src/main/java/org/eclipse/edc/iam/identitytrust/IdentityAndTrustService.java b/...rust-service/src/main/java/org/eclipse/edc/iam/identitytrust/IdentityAndTrustService.java
@@ -24,6 +24,7 @@
 import org.eclipse.edc.identitytrust.CredentialServiceUrlResolver;
 import org.eclipse.edc.identitytrust.SecureTokenService;
 import org.eclipse.edc.identitytrust.TrustedIssuerRegistry;
+import org.eclipse.edc.identitytrust.model.CredentialSubject;
 import org.eclipse.edc.identitytrust.model.Issuer;
 import org.eclipse.edc.identitytrust.model.VerifiableCredential;
 import org.eclipse.edc.identitytrust.validation.CredentialValidationRule;
@@ -36,6 +37,7 @@
 import org.eclipse.edc.spi.iam.TokenRepresentation;
 import org.eclipse.edc.spi.result.Result;
 import org.eclipse.edc.util.string.StringUtils;
+import org.jetbrains.annotations.NotNull;
 
 import java.text.ParseException;
 import java.time.Clock;
@@ -111,7 +113,7 @@ public Result<TokenRepresentation> obtainClientCredentials(TokenParameters param
                 .scope(parameters.getScope())
                 .additional(parameters.getAdditional())
                 .build();
-        
+
         var scope = parameters.getScope();
         var scopeValidationResult = validateScope(scope);
 
@@ -200,12 +202,21 @@ public Result<ClaimToken> verifyJwtToken(TokenRepresentation tokenRepresentation
 
         //todo: at this point we have established what the other participant's DID is, and that it's authentic
         // so we need to make sure that `iss == sub == DID`
-        return result.map(u -> extractClaimToken(credentials));
+        return result.compose(u -> extractClaimToken(credentials));
     }
 
 
-    private ClaimToken extractClaimToken(List<VerifiableCredential> credentials) {
-        return null;
+    @NotNull
+    private Result<ClaimToken> extractClaimToken(List<VerifiableCredential> credentials) {
+        if (credentials.isEmpty()) {
+            return failure("No VerifiableCredentials were found on VP");
+        }
+        var b = ClaimToken.Builder.newInstance();
+        credentials.stream().flatMap(vc -> vc.getCredentialSubject().stream())
+                .map(CredentialSubject::getClaims)
+                .forEach(claimSet -> claimSet.forEach(b::claim));
+
+        return success(b.build());
     }
 
     private Collection<? extends CredentialValidationRule> getAdditionalValidations() {